But the question is: how did these hacking tools end up in the hands of hackers?

It has been found that the NSA itself was not directly hacked, but a former NSA employee carelessly left those hacking tools on a remote server three years ago after an operation and a group of Russian hackers found them, sources close to the investigation told Reuters.

The leaked hacking tools, which enable hackers to exploit vulnerabilities in systems from big vendors like Cisco Systems, Juniper, and Fortinet, were dumped publicly online by the group calling itself "The Shadow Brokers."

NSA officials have also admitted to the FBI that their careless employee acknowledged the error shortly afterward, and hence the agency has been aware of its operative's mistake for the last three years.

But instead of warning the affected companies that their customers were at risk, the NSA maintained its silence.

"After the discovery, the NSA tuned its sensors to detect [the] use of any of the tools by other parties, especially foreign adversaries with strong cyber espionage operations, such as China and Russia," Reuters reports.

Well, that's Bullshit! If they call it a 'tactic.'

Shortly after the public release of the NSA cyber weapons, firewall vendors Cisco and Fortinet confirmed that the leaked zero-day vulnerabilities were legitimate and issued patches to fix them.

We are still waiting for comment from the NSA, the FBI and the Office of the Director of National Intelligence on the matter.

Since the initial leak of the NSA's hacking tools last month and the confirmation by Cisco and Fortinet that the leaked vulnerabilities are legitimate, the intelligence agency and the online community have been finding working exploits in the data dump that are still unknown and used in the wild.

Just recently, Cisco revealed a new zero-day vulnerability from the leaked data dump that had been used by hackers to target some of its customers, which indicates that hackers would likely continue to take advantage of the now-exposed exploits to conduct cyber attacks.

A 28-year-old British man named Lauri Love, the son of a Baptist minister, has been charged with hacking into the computer systems of the US Army, NASA and other federal agencies.

He was arrested Friday at his home in Stradishall, England, by the National Crime Agency. The indictment alleges that Love and his unnamed co-conspirators hacked into thousands of computer systems between October 2012 and October 2013. The indictment does not accuse Love of selling information or doing anything else with it for financial gain.

His father Alexander Love, 60, a Baptist minister, works as a chaplain at HMP Highpoint North. His mother Sirkka-Liisa Love, 59, also works at the jail as a teacher.

He is charged with one count of accessing a U.S. department or agency computer without authorization and one count of conspiracy. The government said the purpose was to disrupt the operations and infrastructure of the federal government. They stole data on more than 5,000 individuals, as well as information on government budgets and procurement processes.

Love is alleged to have used the online monikers "nsh", "route", and "peace" to plot attacks from his home with three unnamed conspirators in Australia and Sweden. US authorities declined to discuss whether they had been arrested or will be arrested and extradited to the US.

"You have no idea how much we can fuck with the US government if we wanted to," Love told a hacking colleague in one exchange over Internet relay chat, prosecutors alleged. "This... Stuff is really sensitive. It's basically every piece of information you'd need to do full identity theft on any employee or contractor".

Love could be extradited to the US, where if convicted he faces up to ten years in prison and a fine for twice the damage caused. Gary McKinnon’s mother, Janis Sharp, accused US authorities of targeting young British geeks, saying, “They are just young geeks sitting in their bedrooms; they’re not murderers, they’re not terrorists, they’re not selling secrets, they’re just searching for information.”

He has been released on bail until February and could face a maximum potential penalty of five years in prison and a $250,000 fine for each count.

Earlier reports based on Snowden's documents revealed the existence of the NSA's PRISM program, and indicated that the National Security Agency spied on Brazilians.

On the other hand, President Obama said that the Syrian government used chemical weapons on its citizens and that the United States may have to take military action against Syria.

In protest over these issues, various pages on NASA's website were hacked yesterday by a Brazilian hacker named "#BMPoC". Visitors to the pages were first greeted with a pop-up window reading "DO NOT ATTACK THE SYRIAN", followed by another reading "U.S. SPY STOP THE BRAZIL", before the defacement page appeared.

The complete deface message on the page was:

Stop spying on us. The Brazilian population do not support your attitude! The Illuminati is now visibly acting! Obama heartless! Inhumane! You have no family? The point in the entire global population is supporting you. NOBODY! We do not want war, we want peace!!!

Neither the complete website nor the front page was affected in the hack, but some pages were hacked, including:

http://event.arc.nasa.gov/sites/

http://kepler.nasa.gov/news/managerupdates/

http://lunarscience.arc.nasa.gov/lsf2012/nasa

http://planetaryprotection.nasa.gov/images/

http://academy.arc.nasa.gov/hi.html

http://astrobiology2.arc.nasa.gov/images/

http://virtual-institutes.arc.nasa.gov/images/

At the time of writing, hacked pages were restored but defacement mirrors are available:

QinetiQ, a UK-based defense contractor, has suffered humiliation as intelligence officials confirmed that China was able to steal U.S. classified documents and pertinent technological information, all because of QinetiQ's faulty decision-making.

QinetiQ North America (QQ) is a world-leading defense technology and security company providing satellites, drones and software services to U.S. Special Forces deployed in Afghanistan and the Middle East.

The hacking was so extensive that external consultants ended up more or less working permanently inside the firm to root out malicious software and compromises on an ongoing basis. In one of the attacks, which took place in 2009, the hackers raided at least 151 machines of the firm’s Technology Solutions Group (TSG) over a 251-day period, stealing 20 gigabytes of data before being blocked.

As the White House moves to confront China over its theft of U.S. technology through hacking, policy makers are faced with the question of how much damage has already been done. 1.3 million pages of documents, including ones containing highly sensitive military information, were stolen at the time.

The agent had stumbled upon the breach as part of a separate investigation but apparently left out many key details, including the fact that other contractors were being hit. Through 2008, QinetiQ is said to have treated the continuing pattern of hacks traced to its buildings as isolated incidents, including the compromise of 13,000 server passwords that attackers used to help steal huge amounts of classified military engineering data.

QinetiQ made its first mistake when it restricted its investigation at the first discovery of the spying. Even when NASA warned the firm that it was being attacked by hackers from one of QinetiQ’s computers, the firm apparently continued to treat incidents in isolation.

The hackers were able to exploit unpatched security flaws and other vulnerabilities across QNA to infiltrate multiple divisions of the company including Cyveillance, the company's cybersecurity unit. In 2010, HBGary, the security firm hacked in 2011 by Anonymous, was hired by QinetiQ along with Terremark to investigate the attacks. HBGary almost immediately identified malicious software on most of QinetiQ’s computers.

The spying on QinetiQ and other defense contractors appears aimed at helping China leapfrog the U.S.’s technologically advanced military, forgoing years of research and development that would have cost billions of dollars.

John Arquilla, a professor at the U.S. Naval Academy and former military adviser, has urged President Barack Obama to pardon the British computer hacker Gary McKinnon and to recruit master hackers to US Cyber Command.

Gary McKinnon faced extradition for hacking into Pentagon and NASA systems, but they believe that he could encourage other hackers to become government cyber warriors.

'If the notion of trying to attract master hackers to our cause is ever to take hold, this might be just the right case in which President Obama should consider using his power to pardon,' says Arquilla.

China is widely thought to employ hackers, so the Pentagon aims to expand its cyber security personnel from 900 to 4,900 in the next few years. Hackers are frequently employed by security firms after serving sentences, and Arquilla suggests that Obama do the same.

'Today's masters of cyberspace are not unlike the German rocket scientists who, after World War II, were so eagerly sought by both sides in the Cold War to help them build missiles for war and rockets for space exploration.'

Aaron Swartz, an internet pioneer and open data crusader, killed himself last month while fighting federal hacking charges and a possible 35-year prison term.

Another basic security loophole in a NASA website has led to a hack. This time a hacker going by the name "p0ison-r00t" defaced a subdomain of NASA (http://spaceyourface.nasa.gov/).

The hacked subdomain runs a Flash-based web application that allows visitors to create funny space videos using faces. The hacker was able to upload his text to the website, as shown in a screenshot taken by 'The Hacker News'.

We contacted the hacker to learn more about the hack. Asked how it was done, the hacker said, "I found a form on the website accepting file upload but without validating the extension, which allowed me to upload a php shell on the server".

The hacker also said that because of low privileges he was not able to modify any file, but was able to upload some text to the website. A mirror of the hack is also available on Zone-h.
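The missing check the hacker describes, sketched from the defender's side as an added example (not code from the original article or from NASA's application): an upload handler that allowlists extensions, rejects double extensions, checks the leading bytes, and never reuses the client's filename. The image-only policy and all names here are assumptions made for the illustration.

```python
import os
import secrets

# Assumed policy for this example: the application only needs images.
# Each allowed extension maps to the magic bytes its content must start with.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

class RejectedUpload(ValueError):
    """Raised when an upload fails validation."""

def safe_upload_name(client_name, data):
    """Validate an upload; return the server-chosen name to store it under."""
    # Drop any directory part the client sent (both separator styles).
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    if "\x00" in base:
        raise RejectedUpload("NUL byte in filename")
    stem, ext = os.path.splitext(base.lower())
    if ext not in ALLOWED:  # shell.php, .htaccess, "shell.php." all end here
        raise RejectedUpload("extension %r is not allowed" % ext)
    if "." in stem:  # shell.php.jpg: some server configs still run it as PHP
        raise RejectedUpload("multiple extensions")
    if not data.startswith(ALLOWED[ext]):
        raise RejectedUpload("content does not match extension")
    # The stored name is random, so the uploader cannot predict or choose it.
    return secrets.token_hex(16) + ext

if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8  # constructed sample content
    print(safe_upload_name("my face.PNG", png))
    for name in ("shell.php", "shell.php.jpg"):
        try:
            safe_upload_name(name, b"<?php /* constructed sample */ ?>")
        except RejectedUpload as err:
            print(name, "->", err)
```

Magic bytes alone can be prepended to a script, so the stored files should also live in a directory the web server serves as static content and never hands to an interpreter.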

Do you have any idea about internal or private IP addresses, including those assigned inside multinational companies? Today we are going to discuss internal (private) IP address disclosure.

Can disclosure of an internal IP like 192.168.*.* or 172.16.*.* really have an impact? Most security researchers call it a "bull shit" vulnerability. But when it comes to calculating impact, even if the server is behind a firewall or NAT, an attacker can see the internal IP of the remote host, and this may be used in further attacks.
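A check for this kind of disclosure on your own servers, as an added example that is not part of the original article: it scans a raw HTTP response for RFC 1918 addresses in the headers and the body. The sample response, its addresses and the function names are constructed for the illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges (the article's 192.168.*.* and 172.16.*.*, plus 10/8).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Dotted quads that are not part of a longer dotted number such as 1.2.3.4.5.
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")

def is_private(text):
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:  # not a valid address, e.g. 999.1.1.1
        return False
    return any(addr in net for net in RFC1918)

def find_internal_ips(raw_response):
    """Return sorted (location, address) pairs for private IPv4 addresses
    found in the headers or body of a raw HTTP response."""
    head, _, body = raw_response.partition("\r\n\r\n")
    findings = set()
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        for m in IPV4.finditer(value):
            if is_private(m.group()):
                findings.add(("header:" + name.strip().lower(), m.group()))
    for m in IPV4.finditer(body):
        if is_private(m.group()):
            findings.add(("body", m.group()))
    return sorted(findings)

# Constructed sample response; every host and address here is made up.
SAMPLE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: http://192.168.10.25/login\r\n"
    "Via: 1.1 proxy01 (172.20.4.7)\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<!-- served by 10.1.2.3 --> <p>Contact 8.8.8.8, build 172.32.0.1</p>"
)

if __name__ == "__main__":
    for where, ip in find_internal_ips(SAMPLE):
        print(f"{where:18} {ip}")
```

Run against responses captured from your own hosts, the header findings usually point at a redirect, proxy or load-balancer setting that should emit the public hostname instead.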

Internet giants like Facebook, Google and PayPal, and serious national security organizations like the FBI, the Pentagon and NASA, are taking initiatives on their security issues. At the same time, we at 'The Hacker News' stand together with organizations that talk about national security in a serious way.

I guess it's time to understand these flaws and their impact, so I would like to share my findings about our internet giants and organizations.

Facebook - Internal IPv4 Address and Session Cookie Disclosure

Facebook spent $8.5 million to buy fb.com. According to many reports available on the internet, "fb.com is for Facebook Internal Use Only".

Recently, I came across an issue reported by a user on the Google Code website to the Google team members of the mod_pagespeed project. mod_pagespeed is an open-source Apache module created by Google to help make the web faster by rewriting web pages to reduce latency and bandwidth.

If you closely analyze the URL mentioned in the forum post, you might get some encoding error. But if you access the URL via Google Web-Cache (interesting part: using a Google service to retrieve information about other Google services)

The hacker goes by the name "Antraxt Hacker" and said about the vulnerability exposure, "I just want to prove that NASA is and never will be secured as humankind thinks they are".

The XSS-vulnerable link is disclosed in a pastebin note. I feel this is not an offensive hack by the hacker; NASA should even take advantage of free-of-cost penetration testing services from individuals like this one, who are not even looking for bug bounties.

A hacker going by the name "LegitHacker97" claims that he successfully accessed a NASA subdomain website that actually belongs to a US Government computer, as mentioned on its homepage.

***** WARNING *****

This is a US Government computer

The hacker also dumped an 82.51 MB (compressed, or 337 MB uncompressed) archive on the internet five days ago, which includes the complete source code of the website (in ASP). After seeing the pastebin note, we tried to contact the hacker to collect more information about the hack.

The hacker told The Hacker News via mail, "This was hacked by a major LFI vulnerability which allowed me to upload my own shell (backdoor to the site) and I took advantage of it by downloading all of the website!" He added, "But now vulnerability is fixed".

I downloaded the dump from the link posted by the hacker in the pastebin note and tried to match the files with the NASA website and its subdomains, and found that these files actually belong to one of the NASA subdomains at https://nsckn.nasa.gov, as mentioned by the hacker in his mail to The Hacker News. But I was still confused about how the hacker got into an area where only authorized users can log in.

After exploring more on the internet, I found an article on SpaceRef, "NASA Space Launch System Technical Document Access", about the NASA website at the domain https://nsckn.nasa.gov, but one needs to request an account to access the documents from NASA's Contracting Officer McCollister at joseph.m.mccollister@nasa.gov.

It is possible that the hacker social-engineered the folks at NASA to get in and then found some vulnerability to get access to the server, because social engineering is the weakest link in information security and there is no patch for human stupidity.

Stay tuned for more updates about the hack!

Update: The hacker has uploaded the archive to a few more file sharing sites, as listed below: